I love software construction, and I like to blog about it. I specialize in Microsoft's Windows Azure cloud computing platform, so that tends to be my most frequent topic.
I currently work for Microsoft, and I hold the dubious honor of being the world's first former Windows Azure MVP.

Pages

Saturday, March 10, 2012

Roanoke Code Camp March 2012 - Slides and Notes

Thanks to those who packed the room for my Windows Azure talk this morning at Roanoke Code Camp. Some great questions were asked, and I scrambled to take notes on these:

Database security. When it comes to using SQL Azure, the only people with access are those that have the server name, database name, username, and password. Within the data center itself, servers are managed by an infrastructure team (Global Foundation Services), and the GFS team cannot identify which servers are running Windows Azure vs. other services. Data is not encrypted by default, but there’s nothing stopping you from doing so yourself before storing data.

Storage security. While we didn’t specifically drill down on this, this is similar to Database Security, in that the only way to gain access to a storage account is with its account name and access key (you get two access keys, either of which can be expired/regenerated at any time). Blobs can be set to be either public or private (public blobs are typically used with website graphics and other generally-available content). Private blobs are accessible with a RESTful call containing an access key or with a specially-signed “shared access signature” that’s time-limited.

With low-cost shared hosters, your app is typically deployed alongside dozens (or possibly hundreds) of other websites. A large-volume site can consume a large portion of machine resources, negatively impacting your app. Also: What happens if you need to scale to additional servers? Or to a larger server? What about uptime SLA, or adding additional services such as databases or caches?

Windows Azure allows you to scale up/down (larger / smaller VMs) and out/in (more / less VMs) programmatically, via PowerShell, or through the Portal, in minutes. You can add new databases almost-instantly. You have an availability SLA as you scale to 2 or more instances.

So… just comparing on price alone is not an apples-to-apples comparison.

MongoDB? More info please! Someone approached me after the talk, citing MongoDB as the coolest part of the demo. For more information, head over to the MongoDB website. You can also download a fully-functional demo app with ASP.NET MVC + MongoDB from github, here (this is what I demo’d today).

What about the setup? If you head to WindowsAzure.com, you’ll see the Developer Center. From there, you can download the Windows Azure tools (which includes a local emulator for Compute and Storage, that runs on your computer), as well as the SDK of your choice. There are currently SDKs for .NET, Java, PHP and Node.js, but you can access Windows Azure through any language using direct calls to the REST APi for storage, compute, management, and other functionality. See this MSDN article for more information about the REST APIs.

Is an ASP.NET Web Site needed along with a Cloud Project? During lunch, I was discussing this with someone. The key project type is the Cloud Project, which lets you define one or more VM types, or Roles. We built a sample app with a Web Role (ASP.NET MVC). We also saw a MongoDB project with both a Web Role (for the UI) and a Worker Role (for the MongoDB database). There is no need to add a Web Role, or even have a website associated with your solution at all. Imagine the case where you simply want to run a scheduled task on the hour (maybe grabbing some stock quotes and updating portfolios in a database). In that simple example, there’s no UI; just a timed process running in a Windows 2008 Server VM, set up as a Worker Role (e.g. no IIS running). One more example: When we looked at the Java app, it was set up to run Apache Tomcat. Since IIS is not needed in that case, the Java app is actually deployed to a Worker Role (with Tomcat simply being an executable process that listens on port 80 and 443, just like IIS would.